N TCP 6891-6900 IN TCP 1863 IN UDP 1863 IN UDP 5190 IN TCP 6901 IN UDP 690 I blocked it by locking out the following ports: 6891-6901 and 1863. That was not enough as messenger eventually worked over HTTP (port 80). The router I was using lets me block keywords in HTTP, so I blocked "gateway.messenger" to kill that route. I did find that a different version of messenger used 8080 as a backup, so I blocked that one also. In any event, if you want to figure out what is happening, you need a sniffer like Ethereal. It's free and effective. For this sort of thing you can just run it on the same machine you are trying to block. Capture the packets when you start up messenger and all the details of what it is trying to do will become clear. The best and easiest way I found is to block IN (any or all* internal IP) -> to OUT Ip: 207.46.104.20 Example: in your router firewall settings; DENY Source: LAN, 192.168.0.102 -> Destination: WAN, 207.46.104.20 (with any protocol and all* ports) Worked great for me and my Dlink Di-604 router. The computer hard-coded to 192.168.0.102 could not log into MSN -Just some quick thought, while I am working in the garden Ronald Gledhill Supreme FRS Master

I would strongly suggest three other approaches - apply all three of them:
1) Company policy enforced by board/HR department on chat clients -
restrict as appropriate
2) Company policy enforced by board/HR department on installing software
- lock down workstation rights to prevent it to if appropriate.
3) Set your firewall to block all outbound communications by default and
only allow specific communication types out. Add an internal web/ftp
proxy (this will probably be the only machine/IP address allowed out on
ports 80+443 + 21) and you have a great deal more control of your user
base and bandwidth use. This has the added benefit of probably keeping
naughty communications from any possible infections *inside* your network.